Four lesser-known Wi-Fi security threats and how to defend against them

You’ve hardened your network against all the common weaknesses, now we’ll show you how to take your wireless security to the next level.

Here’s an example of a login prompt users would see when connecting to networks with enterprise Wi-Fi security.

Enterprise mode’s barrier to entry is that 802.1X user authentication requires the presence on the network of a server running the RADIUS (Remote Authentication Dial-in User Service) protocol.

But if you’re running a small business or you’re super security conscious about protecting your home network, there are various cloud and hosted services that will run the server for you—IronWiFi and JumpCloud even offer free tiers, albeit with limited numbers of Wi-Fi access points and users and limited tech support. Don’t go down that path unless you know what you’re doing.

Your router’s WPS button can be a threat vector

The Wi-Fi Protected Setup (WPS) feature that many wireless routers come with is supposed to help make it easier to secure your Wi-Fi nerwork and connect devices with a quick push of a button or the entry of a PIN {personal identification number). Security holes in this protocol discovered many years ago, however, can allow hackers to gainn access to the network without their needing to crack the router’s Wi-Fi password. Since this vulnerability has been known for so long, I assume at least some vendors have patched this hole, but I’m equalsure there’s many vulnerable routers out there still.

Reaver is a cracking tool that takes advantage of the weaknesses of WPS.

To be on the safe side, I recommend disabling the WPS feature on your gateway or router—if you can; unfortunately, some routers actually don’t allow this. If you don’t want to purchase a new router just because of this threat, you should check if there are any firmware updates for the router that could possibly patch this and other security holes.

Disabling SSID broadcasting can do more harm than good

One security tip that has circled the web since the beginning of Wi-Fi suggests disabling SSID (Service Set Identifier) broadcasting of your network, which is still possible on most wireless routers. Some say this will hide your network and keep people off, since they have to know the SSID in order to attempt a connection. There is a nugget of truth there, but it can do more harm than good.

You can prevent your router from broadcasting your wireless network's SSID, but that can have unforseen consequences.

When you configure your router to not broadcast your network’s SSID, you’re only removing the SSID from the beacons the Wi-Fi router sends to notify nearby Wi-Fi devices of the presence of that network. Those beacons are what populates the list of available networks on your laptops, smartphone, tablets, and other Wi-Fi devices. If the SSID isn’t included in the beacons, Windows devices these days will still indicate the presence of a network, it will just identify its name as “Hidden Network.” Other devices might show a blank name, or not show the network at all.